I have seen recent news that MITRE lost its gov contract and as a result the CVE program is ending today.
How is PMPC and the wider industry handling this and do we have something to pivot onto?
What is the impact of this to PMPC and our ability to perform dynamic assignments?
Good Afternoon!
We have been monitoring the situation with MITRE closely, as this has not only an impact on the entire industry but also on how we would track and inform customers about what risks they are mitigating with patches.
First some good news - Cybersecurity and Infrastructure Security Agency (CISA) - which is part of the Department of Homeland Security (DHS) has stepped in to ensure continued funding. At this time it looks like there will be no interruption of service to the CVE/MITRE solution.
In broader strokes, we have started considering in the event someone hadn't stepped in to ensure funding what could we do in the future, to ensure this doesn't cause an issue.
I'm sure this will something of a hot topic on next months Patch Tuesday Webinar!